As part of Apple’s initiative to combat state-sponsored spyware, or more specifically the surveillance and monitoring of Apple device owners, the company is introducing a system that will alert users when they are believed to be targets of such attacks.
Apparently developed to aid law enforcement campaigns, Pegasus relies on vulnerabilities, such as the now-patched FORCEDENTRY exploit, to install a surveillance package capable of granting access to iOS and Android device microphones and cameras, as well as embedded data. The tool is sold, allegedly indiscriminately, to governments with poor human rights records, who have used it in the past to monitor journalists, activists, researchers, politicians and other targets of interest.
Apple said it is notifying a “small number of users” who were attacked by FORCEDENTRY, and promised to continue alerting customers if future attacks are detected.
“Whenever Apple discovers activity consistent with a state-sponsored spyware attack, it will notify affected users in accordance with industry best practices,” the company said.
The system is already active: a Reuters report on Wednesday details the alert messages that were sent to at least six Thai activists and researchers.
Apple explains threat notifications in a supporting document. While the inherent nature of costly, complex, and highly targeted state-sponsored attacks prevents most users from being exposed, Apple says that if one of its customers is affected, they can expect to be informed in two ways: a prominent alert notification displayed at the top of the Apple ID website, and email and iMessage alerts sent to the address and phone number associated with an Apple ID.
Apple notifications will never ask users to click links, open files, install apps or profiles, or provide their Apple ID password or verification code via email or phone, the company says. Those who receive a threat notification can verify its authenticity by visiting the Apple ID portal, where an identical alert will appear if the message is genuine.
The tech giant acknowledges that false alarms are possible and that the system may not detect all attacks. As a precaution, users are encouraged to follow these best practices:
- Update devices to the latest software, as it includes the latest security fixes
- Protect devices with a passcode
- Use two-factor authentication and a strong password for your Apple ID
- Install apps from the App Store
- Use strong and unique passwords online
- Don’t click on links or attachments from unknown senders
In addition to the notification service, Apple is providing technical, threat intelligence and engineering assistance to Citizen Lab, the group that first identified FORCEDENTRY, and will offer the same assistance to similar security research organizations. The company is also donating $10 million and any damages won in its lawsuit against NSO to cyber surveillance research and advocacy organizations.